Configure Ranger KMS Database for SSL-enabled MySQL
When an SSL-enabled database is configured for use with Ranger KMS, you must add certain configurations to Ranger:
In
Ambari>Ranger KMS>Configs>Advanced>Custom kms-properties, add the following parameters:db_ssl_enabled=Truedb_ssl_required=Truedb_ssl_verifyServerCertificate=Truejavax_net_ssl_keyStore=/etc/ranger/admin/keystorejavax_net_ssl_keyStorePassword=rangerjavax_net_ssl_trustStore=/etc/ranger/admin/truststorejavax_net_ssl_trustStorePassword=ranger
Change keystore and truststore file paths according to your environment.
If certificate verification is not required, you can set value
falsein propertydb_ssl_verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.In
Ambari>Ranger KMS>Configs>Advanced>Custom dbks-site, add the following parameters:ranger.ks.db.ssl.enabled=trueranger.ks.db.ssl.required=trueranger.ks.db.ssl.verifyServerCertificate=trueranger.ks.keystore.file=/etc/ranger/admin/keystoreranger.ks.keystore.password=rangerranger.ks.truststore.file=/etc/ranger/admin/truststoreranger.ks.truststore.password=password
Change keystore file path according to your environment.
If certificate verification is not required, then you can set value
falsein propertyranger.db.ssl.verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.Install/restart Ranger KMS.